<?

require("header.inc.php");

require("classes.inc.php");
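// Gate: only an authenticated session with userlevel 1 (admin) may reach the
// management commands that follow.
$login = new loginmanager;
$login->verify();

// The original only sent the Location header and then kept executing, so a
// logged-in non-admin still ran every command below; the exit is what actually
// enforces the check. The isset guard avoids a notice when the key is absent,
// and the (int) cast keeps the comparison strict whether the DB yields 1 or "1".
if (!isset($_SESSION['userlevel']) || (int) $_SESSION['userlevel'] !== 1)
{
  header("Location: index.php");
  exit;
}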

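// Dispatcher for the admin page. A "screen-<action>" command renders the form
// for <action>; the bare action command applies the posted form and redirects
// back to this page. Helpers are declared at the end of this block: PHP hoists
// unconditional top-level functions, which is also why makedefault() is
// reachable here although it is declared further down the file.
if(!empty($_REQUEST['command']))
{
  switch(escape($_REQUEST['command'])){
    case "screen-add-proj":
      admin_form_open();
      echo "Nieuw Projectnaam: <input type=\"text\" name=\"projname\" /><br />\n";
      echo "<input type=\"hidden\" name=\"command\" value=\"add-proj\" />\n";
      echo "<input type=\"submit\" name=\"add-proj\" value=\"Toevoegen\" />\n";
      echo "</form>";
      break;
    case "add-proj":
      $db = admin_db();
      if (!empty($_POST['projname'])){
        $db->query("insert into `projecten` (`projectnaam`) VALUES('".escape($_POST['projname'])."');");
      }
      $db->closelink();
      admin_redirect_self();
      break;
    case "screen-adj-proj":
      $db = admin_db();
      $db->query("select `projectnr`, `projectnaam` from `projecten`");
      admin_form_open();
      echo "<select name=\"oldproj\">\n";
      admin_options($db, 'projectnr', 'projectnaam');
      echo "</select><br />\n";
      echo "<input type=\"hidden\" name=\"command\" value=\"adj-proj\" />";
      echo "Nieuwe naam: <input type=\"text\" name=\"newproj\" /><br />\n";
      echo "<input type=\"submit\" name=\"adj-proj\" value=\"Wijzig\" />";
      echo "</form>";
      // The original left this connection open.
      $db->closelink();
      break;
    case "adj-proj":
      $db = admin_db();
      if (!empty($_POST['oldproj']) && !empty($_POST['newproj'])){
        $db->query("UPDATE `projecten` SET `projectnaam` = '".escape($_POST['newproj'])."' WHERE `projectnr` = '".escape($_POST['oldproj'])."';");
      }
      $db->closelink();
      admin_redirect_self();
      break;
    case "screen-del-proj":
      $db = admin_db();
      $db->query("select `projectnr`, `projectnaam` from `projecten`;");
      admin_form_open();
      echo "<select name=\"projid\">";
      admin_options($db, 'projectnr', 'projectnaam');
      echo "</select><br />\n";
      echo "<input type=\"hidden\" name=\"command\" value=\"del-proj\" />\n";
      echo "<input type=\"submit\" name=\"del-proj\" value=\"Verwijderen\">\n";
      echo "</form>";
      // The original left this connection open.
      $db->closelink();
      break;
    case "del-proj":
      $db = admin_db();
      if (!empty($_POST['projid'])){
        $db->query("delete from `projecten` where `projectnr` = '".escape($_POST['projid'])."';");
      }
      $db->closelink();
      admin_redirect_self();
      break;
    case "screen-add-costs":
      admin_form_open();
      echo "Naam Kosten:<input type=\"text\" name=\"newcosts\" /><br />\n";
      echo "<input type=\"hidden\" name=\"command\" value=\"add-costs\" />\n";
      echo "<input type=\"submit\" name=\"add-costs\" value=\"Toevoegen\" />\n";
      echo "</form>";
      break;
    case "add-costs":
      $db = admin_db();
      if (!empty($_POST['newcosts'])){
        $db->query("insert into `kosten` (`kostenomschrijving`) values ('".escape($_POST['newcosts'])."');");
      }
      $db->closelink();
      admin_redirect_self();
      break;
    case "screen-adj-costs":
      $db = admin_db();
      $db->query("select `kostencode`, `kostenomschrijving` from `kosten`;");
      admin_form_open();
      echo "Kosten:<select name=\"costid\">\n";
      admin_options($db, 'kostencode', 'kostenomschrijving');
      echo "</select><br />\n";
      echo "Nieuwe Naam:<input type=\"text\" name=\"newcosts\" /><br />\n";
      echo "<input type=\"hidden\" name=\"command\" value=\"adj-costs\" />";
      echo "<input type=\"submit\" name=\"adj-costs\" value=\"Wijzigen\" />";
      echo "</form>";
      // The original left this connection open.
      $db->closelink();
      break;
    case "adj-costs":
      $db = admin_db();
      // The original also required $_POST['newbedrag'], which the
      // screen-adj-costs form never sends and the query never uses, so the
      // update could not run from that form.
      if (!empty($_POST['costid']) && !empty($_POST['newcosts'])){
        $db->query("update `kosten` set `kostenomschrijving` = '".escape($_POST['newcosts'])."' where `kostencode` = '".escape($_POST['costid'])."';");
      }
      $db->closelink();
      admin_redirect_self();
      break;
    case "screen-del-costs":
      $db = admin_db();
      $db->query("select `kostencode`, `kostenomschrijving` from `kosten`;");
      admin_form_open();
      echo "Kosten:<select name=\"costid\">\n";
      admin_options($db, 'kostencode', 'kostenomschrijving');
      echo "</select><br />\n";
      echo "<input type=\"hidden\" name=\"command\" value=\"del-costs\" />\n";
      echo "<input type=\"submit\" name=\"del-costs\" value=\"Verwijderen\" />\n";
      echo "</form>";
      // The original left this connection open.
      $db->closelink();
      break;
    case "del-costs":
      $db = admin_db();
      if (!empty($_POST['costid'])){
        $db->query("delete from `kosten` where `kostencode` = '".escape($_POST['costid'])."';");
      }
      $db->closelink();
      admin_redirect_self();
      break;
    case "screen-add-users":
      admin_form_open();
      echo "Naam: <input type=\"text\" name=\"name\" /><br />\n";
      echo "Username: <input type=\"text\" name=\"username\" /><br />\n";
      echo "Password: <input type=\"password\" name=\"password\" /><br />\n";
      echo "Admin? <input type=\"checkbox\" name=\"admin\" /><br />\n";
      echo "<input type=\"hidden\" name=\"command\" value=\"add-users\" />\n";
      echo "<input type=\"submit\" name=\"add-users\" value=\"Toevoegen\" />\n";
      echo "</form>";
      break;
    case "add-users":
      $db = admin_db();
      if (!empty($_POST['name']) && !empty($_POST['username']) && !empty($_POST['password'])){
        $admin = admin_flag_from_post();
        // NOTE(review): the stored credential is an unsalted sha1 of the
        // escape()d password, kept as-is because loginmanager::verify in
        // classes.inc.php (not visible here) presumably compares the same
        // way. Moving to password_hash()/password_verify() needs both sides
        // changed together and a rehash of existing rows.
        $db->query("insert into `employees` (`Emp_naam`, `username`, `password`, `userlevel`) values ('".escape($_POST['name'])."', '".escape($_POST['username'])."', '".sha1(escape($_POST['password']))."', '".$admin."');");
      }
      $db->closelink();
      admin_redirect_self();
      break;
    case "screen-adj-users":
      $db = admin_db();
      $db->query("select `Empnr`, `Emp_naam` from `employees`;");
      admin_form_open();
      echo "<select name=\"userid\">\n";
      admin_options($db, 'Empnr', 'Emp_naam');
      echo "</select><br />\n";
      echo "Naam: <input type=\"text\" name=\"name\" /><br />\n";
      echo "Username: <input type=\"text\" name=\"username\" /><br />\n";
      echo "Password: <input type=\"password\" name=\"password\" /><br />\n";
      echo "Admin? <input type=\"checkbox\" name=\"admin\" /><br />\n";
      echo "<input type=\"hidden\" name=\"command\" value=\"adj-users\" />";
      echo "<input type=\"submit\" name=\"adj-users\" value=\"Wijzig\" />";
      echo "</form>";
      $db->closelink();
      break;
    case "adj-users":
      $db = admin_db();
      if (!empty($_POST['userid']) && !empty($_POST['name']) && !empty($_POST['username']) && !empty($_POST['password'])){
        $admin = admin_flag_from_post();
        // Same password-storage caveat as in add-users.
        $db->query("update `employees` set `Emp_naam` = '".escape($_POST['name'])."', `username` = '".escape($_POST['username'])."', `password` = '".sha1(escape($_POST['password']))."', `userlevel` = '".$admin."' where `empnr` = '".escape($_POST['userid'])."';");
      }
      $db->closelink();
      admin_redirect_self();
      break;
    case "screen-del-users":
      $db = admin_db();
      $db->query("select `Empnr`, `Emp_naam` from `employees`;");
      admin_form_open();
      echo "User: <select name=\"userid\">\n";
      admin_options($db, 'Empnr', 'Emp_naam');
      echo "</select><br />\n";
      echo "<input type=\"hidden\" name=\"command\" value=\"del-users\" />\n";
      echo "<input type=\"submit\" name=\"del-users\" value=\"Verwijderen\" />";
      echo "</form>";
      $db->closelink();
      break;
    case "del-users":
      $db = admin_db();
      if (!empty($_POST['userid']))
      {
        $db->query("delete from `employees` where `empnr` = '".escape($_POST['userid'])."'");
      }
      $db->closelink();
      admin_redirect_self();
      break;
    default:
      makedefault();
  }
}
else
{
  makedefault();
}

/**
 * Escapes a value for insertion into HTML (text or attribute context).
 * Every DB column echoed into an <option> and the form action built from
 * PHP_SELF go through this; the original printed them raw, so a stored name
 * or a crafted request path could inject markup into the admin page.
 *
 * @param mixed $value scalar to print
 * @return string
 */
function admin_html($value)
{
  return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * Opens the admin database connection used by every action.
 * NOTE(review): credentials are hard-coded (root, empty password) exactly as
 * in the original; they belong in a config include outside the web root and
 * the application should use a least-privilege account.
 *
 * @return database_connection
 */
function admin_db()
{
  $db = new database_connection();
  $db->connect("localhost", "root", "", "roconsult");
  return $db;
}

/**
 * Prints the opening <form> tag that posts back to this page.
 */
function admin_form_open()
{
  echo "<form action=\"".admin_html($_SERVER['PHP_SELF'])."\" method=\"post\">\n";
}

/**
 * Prints one <option> per row of the query pending on $db.
 *
 * @param database_connection $db connection with a SELECT already issued
 * @param string $valueKey column used as the option value
 * @param string $labelKey column used as the visible label
 */
function admin_options($db, $valueKey, $labelKey)
{
  while ($row = $db->output()) {
    echo "<option value=\"".admin_html($row[$valueKey])."\">".admin_html($row[$labelKey])."</option>\n";
  }
}

/**
 * Userlevel to store for a posted user form: 1 when the "admin" checkbox was
 * sent, else 0.
 *
 * @return int
 */
function admin_flag_from_post()
{
  return isset($_POST['admin']) ? 1 : 0;
}

/**
 * Redirects back to this page after a write action and stops the script.
 * The original only sent the header and then went on to require
 * footer.inc.php; the exit makes the redirect the end of the request.
 */
function admin_redirect_self()
{
  header("Location: ".$_SERVER['PHP_SELF']);
  exit;
}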

/**
 * Prints the admin start page: one link per management screen, each carrying
 * its "screen-*" command in the query string for the dispatcher above.
 * The trailing markup differs per entry (single/double break, one "<br/>"),
 * so it is kept in the table rather than generated.
 */
function makedefault(){
  $menu = array(
    array('screen-add-proj',  'Project Toevoegen',      "<br />\n"),
    array('screen-adj-proj',  'Project Wijzigen',       "<br />\n"),
    array('screen-del-proj',  'Project Verwijderen',    "<br /><br />\n"),
    array('screen-add-costs', 'Kosten Toevoegen',       "<br />\n"),
    array('screen-adj-costs', 'Kosten Wijzigen',        "<br/>\n"),
    array('screen-del-costs', 'Kosten Verwijderen',     "<br /><br />\n"),
    array('screen-add-users', 'Gebruikers Toevoegen',   "<br />\n"),
    array('screen-adj-users', 'Gebruikers Wijzigen',    "<br />\n"),
    array('screen-del-users', 'Gebruikers Verwijderen', "<br />\n"),
  );
  foreach ($menu as $entry) {
    list($command, $label, $separator) = $entry;
    echo '<a href="?command='.$command.'">'.$label.'</a>'.$separator;
  }
}

require("footer.inc.php");
?>